#!/bin/sh

set -e

export DEBIAN_FRONTEND=noninteractive

# Do not use virtual machine proxy before apt-cacher-ng is installed
if [ "$http_proxy" = "http://$(hostname -f):3142" ] &&
   ! [ -f /etc/apt-cacher-ng/acng.conf ]; then
	LOCAL_HTTP_PROXY="$http_proxy"
	http_proxy=''
fi

rm -f /etc/apt/preferences.d/* /etc/apt/sources.list.d/*

# Add our builder-jessie repository for live-build, and pin it low
echo 'deb http://deb.tails.boum.org/ builder-jessie main' > /etc/apt/sources.list.d/tails.list
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/tails <<EOF
	Package: *
	Pin: origin deb.tails.boum.org
	Pin-Priority: 99
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/discount <<EOF
	Package: discount libmarkdown2 libmarkdown2-dev
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/ikiwiki <<EOF
	Package: ikiwiki
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/live-build <<EOF
	Package: live-build
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/syslinux-utils <<EOF
	Package: syslinux-utils
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF

# We don't want to use apt-cacher-ng for gpg
http_proxy="" gpg --keyserver hkps.pool.sks-keyservers.net --recv-key C7988EA7A358D82E
gpg --export C7988EA7A358D82E | sudo apt-key add -

# We need a newer version of debootstrap for saving the list of
# packages used when building Tails (#6297).
echo 'deb http://ftp.us.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list

apt-get update
apt-get -o Dpkg::Options::="--force-confold" -y install apt-cacher-ng

# Install custom configuration for apt-cacher-ng and restart
install -o root -g root -m 644 /vagrant/provision/assets/acng.conf /etc/apt-cacher-ng/acng.conf
service apt-cacher-ng restart

# Restore local HTTP proxy if needed
if [ "$LOCAL_HTTP_PROXY" ]; then
	http_proxy="$LOCAL_HTTP_PROXY"
fi

# Upgrade if needed
apt-get -y dist-upgrade

# Those are needed to build Tails
apt-get -y install \
        debootstrap/jessie-backports \
        dpkg-dev \
        eatmydata \
        gettext \
        git \
        ikiwiki \
        intltool \
        libfile-slurp-perl \
        liblist-moreutils-perl \
        live-build \
        rsync \
        syslinux-utils \
        time \
        whois

# Be sure to get all the modules we need for our Ikiwiki
apt-get -y --no-install-recommends install \
        libfile-chdir-perl \
        libhtml-scrubber-perl \
        libhtml-template-perl \
        libtext-multimarkdown-perl \
        libtimedate-perl \
        liburi-perl libhtml-parser-perl \
        libxml-simple-perl \
        libyaml-libyaml-perl po4a \
        libyaml-perl \
        libyaml-syck-perl \
        perlmagick \
        wdg-html-validator

# Add build script
install -o root -g root -m 755 /vagrant/provision/assets/build-tails /usr/local/bin

disable_live_build_conf()
{
	local var="$1"

	[ -e /etc/live/build.conf ] || return 0
	sed -e "/^[[:space:]]*$var=/d" -i /etc/live/build.conf
}

# Force live-build to use the mirrors configured in auto/config
for prefix in MIRROR PARENT_MIRROR ; do
	for target in BOOTSTRAP BINARY CHROOT ; do
		for archive in '' BACKPORTS SECURITY UPDATES VOLATILE ; do
			if [ -z "$archive" ] ; then
				archive_suffix=''
			else
				archive_suffix="_${archive}"
			fi
			var="LB_${prefix}_${target}${archive_suffix}"
			disable_live_build_conf "$var"
		done
	done
done

# Clean up
apt-get -y autoremove
apt-get -y clean
perl /usr/lib/apt-cacher-ng/expire-caller.pl || echo "The clean-up of apt-cacher-ng's cache failed: this is not fatal and most likely just means that some disk space could not be reclaimed -- in order to fix that situation you need to manually investigate /var/log/apt-cacher-ng/main_*.html " >&2

# XXX: Remove this once we generate a basebox > 20160226
if grep -q "^AcceptEnv" /etc/ssh/sshd_config; then
    sed -i 's/^AcceptEnv/#AcceptEnv/' /etc/ssh/sshd_config
    systemctl reload ssh.service
fi
